[aerogear-dev] [Unified Push Server] Roles structure & password management

Matthias Wessendorf matzew at apache.org
Thu Oct 17 10:22:08 EDT 2013 

On Thu, Oct 17, 2013 at 4:17 PM, Sebastien Blanc <scm.blanc at gmail.com>wrote:

> Well, yes now that you said that :) Security based on Grouping.
>

.next ? :-)



>
>
> On Thu, Oct 17, 2013 at 4:15 PM, Matthias Wessendorf <matzew at apache.org>wrote:
>
>> you mean grouping ?
>>
>>
>> On Thu, Oct 17, 2013 at 4:13 PM, Sebastien Blanc <scm.blanc at gmail.com>wrote:
>>
>>>
>>>
>>>
>>> On Thu, Oct 17, 2013 at 3:44 PM, Matthias Wessendorf <matzew at apache.org>wrote:
>>>
>>>> any corp. org. may want some with just read-only access;
>>>> The project lead is allowed to update the keys etc, but all the
>>>> /normal/ developers can just see the IDs/secrets (so that they can use it
>>>> in their server apps).
>>>>
>>>
>>> This is also an interesting point, at some point don't we want the
>>> "read" rights limited to a single/set of pushapps or even a level deeper
>>> based on variants ?
>>> Maybe in a big company, Bob the slacker intern has read access for his
>>> supracool push app but also has access to the Public Relation Push App
>>>  keys ...
>>>
>>>
>>>
>>>> I guess that's not really (at least for me) closely related to a 'test
>>>> via admin ui' feature
>>>>
>>>> -M
>>>>
>>>>
>>>> On Thu, Oct 17, 2013 at 3:39 PM, Corinne Krych <corinnekrych at gmail.com>wrote:
>>>>
>>>>> Not sure about the role: user.
>>>>>
>>>>> What will be the use case for this one?
>>>>> One use case, I see is if the 'user' is a tester. If we had the
>>>>> feature to send push notification test via admin UI (as we discussed in [1]
>>>>> and [2]).
>>>>>
>>>>> ++
>>>>> Corinne
>>>>> [1]
>>>>> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Push-Server-Admin-UI-td2678.html#a2718
>>>>> [2] https://issues.jboss.org/browse/AGPUSH-38
>>>>>
>>>>> On Oct 17, 2013, at 3:09 PM, Matthias Wessendorf <matzew at apache.org>
>>>>> wrote:
>>>>>
>>>>> >
>>>>> >
>>>>> >
>>>>> > On Thu, Oct 17, 2013 at 2:54 PM, Sebastien Blanc <
>>>>> scm.blanc at gmail.com> wrote:
>>>>> >
>>>>> >
>>>>> >
>>>>> > On Thu, Oct 17, 2013 at 2:35 PM, Lucas Holmquist <
>>>>> lholmqui at redhat.com> wrote:
>>>>> >
>>>>> > On Oct 15, 2013, at 11:14 AM, Sebastien Blanc <scm.blanc at gmail.com>
>>>>> wrote:
>>>>> >
>>>>> >> So for the next Unified Push Release (0.9) it would be nice if we
>>>>> could have some decent User Management, so I'm bumping this thread again.
>>>>> >> Some existing pointer :
>>>>> >>
>>>>> >> -   this thread :)
>>>>> >> -  https://issues.jboss.org/browse/AGPUSH-351
>>>>> >> -  https://gist.github.com/sebastienblanc/6547605
>>>>> >>
>>>>> >> First point to define is :
>>>>> >> -  What roles do we want ? And what can these Roles do ?
>>>>> >
>>>>> > Admin - Can do all things including creating other users
>>>>> > Developer - can create apps and such. no access to the user
>>>>> management UI
>>>>> > User - read only - not sure if this one is needed
>>>>> > Yes, not sure also but why not ? Could be useful for a monitoring
>>>>> app/RHQ plugin that just want to retrieve the list of active pushapps ...
>>>>> >
>>>>> >
>>>>> > +1 - I like these three different roles, including their rights
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >> -  How can these Roles be created (granted ...)
>>>>> >> -  Design
>>>>> >
>>>>> > I think we are still waiting on Hylke for this?   not sure
>>>>> >
>>>>> >>
>>>>> >> Seb
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Sep 17, 2013 at 2:07 PM, Matthias Wessendorf <
>>>>> matzew at apache.org> wrote:
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Sep 17, 2013 at 2:04 PM, Apostolos Emmanouilidis <
>>>>> aemmanou at redhat.com> wrote:
>>>>> >> Following the discussion on GitHub [1], here are some points to be
>>>>> >> discussed about the user management flow:
>>>>> >>
>>>>> >> - Does it make sense to add a role select field (admin, developer)
>>>>> on
>>>>> >> the enrollment page?
>>>>> >>
>>>>> >> hrm, and (perhaps later) a section where to define the roles ? I
>>>>> think it's a good point, but not sure we need all this 'now' :-)
>>>>> >>
>>>>> >> - Should we add an additional password field (password
>>>>> confirmation) on
>>>>> >> the enrollment page?
>>>>> >>
>>>>> >> yeah, would be nice
>>>>> >>
>>>>> >> - I think that the current logged in user shouldn't be available for
>>>>> >> deletion
>>>>> >>
>>>>> >> yep, I agree
>>>>> >>
>>>>> >> [1]:
>>>>> >>
>>>>> https://github.com/aerogear/aerogear-unifiedpush-server-admin-ui/pull/6
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Fri, 2013-09-13 at 10:15 +0200, Sebastien Blanc wrote:
>>>>> >> > A Jira has been created
>>>>> https://issues.jboss.org/browse/AGPUSH-351
>>>>> >> > And draft structure has been created
>>>>> >> > here https://gist.github.com/sebastienblanc/6547605 that can be
>>>>> used
>>>>> >> > as base for the Pull Request.
>>>>> >> >
>>>>> >> >
>>>>> >> > On Fri, Sep 13, 2013 at 5:53 AM, Douglas Campos <qmx at qmx.me>
>>>>> wrote:
>>>>> >> >         On Thu, Sep 12, 2013 at 09:39:28AM -0300, Bruno Oliveira
>>>>> >> >         wrote:
>>>>> >> >         > Would be nice to have a 8 hands document on it
>>>>> >> >
>>>>> >> >
>>>>> >> >         who's going to start the pull request on it? it's
>>>>> SPECTIME!
>>>>> >> >
>>>>> >> >         --
>>>>> >> >         qmx
>>>>> >> >         _______________________________________________
>>>>> >> >         aerogear-dev mailing list
>>>>> >> >         aerogear-dev at lists.jboss.org
>>>>> >> >         https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> > _______________________________________________
>>>>> >> > aerogear-dev mailing list
>>>>> >> > aerogear-dev at lists.jboss.org
>>>>> >> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >>
>>>>> >>
>>>>> >> _______________________________________________
>>>>> >> aerogear-dev mailing list
>>>>> >> aerogear-dev at lists.jboss.org
>>>>> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> Matthias Wessendorf
>>>>> >>
>>>>> >> blog: http://matthiaswessendorf.wordpress.com/
>>>>> >> sessions: http://www.slideshare.net/mwessendorf
>>>>> >> twitter: http://twitter.com/mwessendorf
>>>>> >>
>>>>> >> _______________________________________________
>>>>> >> aerogear-dev mailing list
>>>>> >> aerogear-dev at lists.jboss.org
>>>>> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >>
>>>>> >> _______________________________________________
>>>>> >> aerogear-dev mailing list
>>>>> >> aerogear-dev at lists.jboss.org
>>>>> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > aerogear-dev mailing list
>>>>> > aerogear-dev at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > aerogear-dev mailing list
>>>>> > aerogear-dev at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Matthias Wessendorf
>>>>> >
>>>>> > blog: http://matthiaswessendorf.wordpress.com/
>>>>> > sessions: http://www.slideshare.net/mwessendorf
>>>>> > twitter: http://twitter.com/mwessendorf
>>>>> > _______________________________________________
>>>>> > aerogear-dev mailing list
>>>>> > aerogear-dev at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20131017/72a82de1/attachment-0001.html

More information about the aerogear-dev mailing list